PAN OS 11.1.4 h1 issues

The customer upgraded the PAN-OS to version 11.1.4-h1, but their MPLS link is down, similar to an interface port issue. The same problem occurred with versions 11.0.0 and 11.1.0, but on version 10.2.10, the MPLS link worked fine. The customer has man

Where to add Proxy ID with multiple tunnels?

Hey all,

We have 3 firewalls:

C1 = Cisco FW - Policy based S2S VPN -- subnet behind it 10.1.0.0/24

P2 = Palo FW - Route based S2S VPN -- subnet behind it 172.16.50.0/24

C3 = Cisco FW - Policy based S2S VPN -- subnet behind it 192.168.20.0/24

We hav

write a query for this specific group to track endpoint incidents

Hello everyone,

I have an endpoint group named "xyz" and I need to write a query for this specific group to track endpoint incidents over the week. 

Thanks!
Cortex XDR NGFW 

Traffic log Category: command-and-control

hello,

can someone please explain to me why I observe logs from an external ip of Type: TRAFFIC, Category: command-and-control 

Action: drop.
Shouldn't the category trigger for connections made from inside out ?
Also, why it generates Traffic logs and

PA-400 Check software not working

Hi,

I have a standalone PA-440 device which I tried to check for upgrades to update its PANOS from 11.0.x releases to 11.1, but the check for updates never pulled any new updates from Palo Alto repositories, and all I am getting is an empty list.

in palo alto isp2 as private ip address , and gateway is not reachable

HI Team,in palo alto isp2 as private ip address dhcp , link is working fine in laptop,after connecting to firewall gate way uis not reachable,both link are in same VR , for Both isp defualt route configured, please assist me resolve the issue

Palo Alto-certified SFP check

Hello,

Normally we use the following commands to check an SFP by Palo Alto Certified or not. 

Upcoming November 18, 2024 Deadline for User-ID and Terminal Server (TS) Agent Certificate Expiration

we have PA-3250 running PAN-OS 10.1.10-h1, please advise that User-ID and Terminal Server (TS) Agent Certificate Expiration will affect our services ? or  should i need to upgrade firewall which version?

PAN OS Issues with MPLS Link

We noticed that the customer’s environment had an upgrade of the PA-440 to PAN-OS 11.1.4-h1, but they experienced an MPLS link-down issue. The same issue was observed on the remaining four firewalls. After downgrading to PAN-OS 10.2.10, the MPLS link

problem in integration with clearpass XML API

while trying to integrate Aruba ClearPass with PA to send login info and user role to PA from ClearPass using XML API the following errors appears in ClearPass side, and no error appear from PA side 

unable to post request to PAN (IP address), error:

System Log : Number of uncommitted changes is greater than 250 please commit the changes.

It occurs in the system log as shown in the message below.

What causes these logs to occur, and what can I do to prevent them from happening?

Message : Number of uncommitted changes is greater than 250 please commit the changes.

Enhancing OT Network Security with a 2.5 DMZ:

In our OT network, we're considering adding a Level 2.5 DMZ to bolster security. This would serve as an additional layer of protection between the control systems (Level 2) and the enterprise network (Level 4).

Specific Design:

• Level 2.5 DMZ: Host thir